cli-web-scrape

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the scrapling package and its associated browser engines from external registries using the commands uv tool install and scrapling install. These dependencies are fetched without specifying fixed versions.
  • [COMMAND_EXECUTION]: The skill includes an interactive shell and a command-line interface (scrapling shell -c) that allows for the dynamic evaluation of code strings for extraction logic, which could be leveraged to execute arbitrary Python code.
  • [PROMPT_INJECTION]: The skill scrapes data from arbitrary external URLs and instructs the agent to read and process the output, making it vulnerable to indirect prompt injection from malicious content embedded on the targeted web pages.
      1. Ingestion points: External data enters the agent's context from URLs fetched via the scrapling extract commands found in SKILL.md.
      2. Boundary markers: No delimiters or instructions to ignore embedded commands are specified for the scraped content.
      3. Capability inventory: The skill possesses capabilities for network requests, file system access in /tmp, and execution of the scrapling CLI tool.
      4. Sanitization: There is no mention of sanitization or filtering of the scraped content before the agent reads it.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 10:29 AM